<!DOCTYPE html>
<html lang="en">

<head>
	

	


	

	<!--trying to figure out the canonical url issue with blogs-->
	<link rel="canonical" href="https://cybersecurity.att.com/blogs/labs-research/internet-of-termites" />

	<title>Internet of Termites | AT&T Alien Labs</title>

	

		

	<meta property="og:site_name" value="AT&T Cybersecurity" />
	<meta property="og:title" content="Internet of Termites" />
	<meta property="og:url" content="https://cybersecurity.att.com/blogs/labs-research/internet-of-termites" />
	<meta property="og:image" content="https://cdn-cybersecurity.att.com/blog-content/Blog-Images/open-graph/EDR-Blog-Post-Tile.png" />
	<meta property="og:description" content="Termite is a tool used to connect together chains of machines on a network. You can run Termite on a surprising number of platforms including mobile devices, routers, servers and desktops.

That means it can be used used to bounce a connection between multiple machines, to maintain a connection that otherwise wouldn&rsquo;t be possible:



Termite is a useful networking and penetration testing tool, but we&rsquo;re seeing it used in attacks to enable access to machines too. There has been little" />
		

		<script type="text/javascript" src="https://cybersecurity.att.com/public/dbf330b49b00cc2f496a6233c9dc954522001624dcc5"  ></script><script type="text/javascript" src="https://platform-api.sharethis.com/js/sharethis.js#property=619c04ec1bd25500123c9511&product=inline-share-buttons" async="async"></script>

	<meta charset="utf-8">

<link rel="preconnect" href="https://cdn-cybersecurity.att.com" />
<link rel="preconnect" href="https://www.att.com" />
<link rel="preconnect" href="https://www.googletagmanager.com" crossorigin />
<link rel="preconnect" href="https://cdn.vidyard.com" crossorigin />
<link rel="preconnect" href="https://cdnjs.cloudflare.com" crossorigin />
<link rel="preconnect" href="https://www.google-analytics.com" crossorigin />
<link rel="preconnect" href="https://play.vidyard.com" crossorigin />
<link rel="preconnect" href="https://adservice.google.com" crossorigin />
<link rel="preconnect" href="https://www.facebook.com" crossorigin />
<link rel="preconnect" href="https://www.google.com" crossorigin />
<link rel="preconnect" href="https://px.ads.linkedin.com" crossorigin />


<style>.async-hide { opacity: 0 !important} </style>
<script>(function(a,s,y,n,c,h,i,d,e){s.className+=' '+y;h.start=1*new Date;
    h.end=i=function(){s.className=s.className.replace(RegExp(' ?'+y),'')};
    (a[n]=a[n]||[]).hide=h;setTimeout(function(){i();h.end=null},c);h.timeout=c;
})(window,document.documentElement,'async-hide','dataLayer',4000,
    {'GTM-WGVFC3T':true});</script>
<link rel="preload" as="script" href="https://cybersecurity.att.com/public/dbf330b49b00cc2f496a6233c9dc954522001624dcc5"/><link rel="preload" href="https://www.googleoptimize.com/optimize.js?id=GTM-WGVFC3T" as="script">
<script async src="https://www.googleoptimize.com/optimize.js?id=GTM-WGVFC3T"></script>


<script src="https://cdn-cybersecurity.att.com/js/v2/imports/top-bundle.min.js?v=20220927602681"></script>


<link rel="preload" href="https://www.att.com/scripts/adobe/prod/edmDataDefinition.js" as="script">
<link rel="preload" href="https://www.att.com/scripts/adobe/prod/edmDataManager.js" as="script">
<link rel="preload" href="https://www.att.com/scripts/adobe/prod/marketing.min.js" as="script">
<link rel="preload" href="https://www.att.com/scripts/adobe/prod/detm_adobe.js" as="script">
<link rel="preload" href="https://www.att.com/scripts/adobe/prod/engage.min.js" as="script">






<!-- Google Tag Manager -->
<script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
})(window,document,'script','dataLayer','GTM-KLJDXJN');</script>
<!-- End Google Tag Manager -->
<script src='https://www.att.com/scripts/adobe/prod/detm-container-hdr.js' data-restrictions='target' type='text/javascript'></script>


<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="ahrefs-site-verification" content="a6fa0378625f72f89c6f290c3c7559ffee326fb9232cd87fcace798afce3e30d">
<meta name="google-site-verification" content="GTQZz4AGa47UtmP64oC5BB735pkyncjtISHOcQZbIho" />
<meta name="google-site-verification" content="dOSpKecfL6OVRkgr2KvddmhD-l-g3x8vlru1kmbqa9M" />

<link rel="preload" as="font" type="font/ttf" crossorigin="anonymous" href="https://cdn-cybersecurity.att.com/fonts/zero-width.ttf" />
<link rel="preload" as="font" type="font/woff2" crossorigin="anonymous" href="https://cdn-cybersecurity.att.com/fonts/aleck/ATTAleckSans-Bold.woff2" />
<link rel="preload" as="font" type="font/woff2" crossorigin="anonymous" href="https://cdn-cybersecurity.att.com/fonts/aleck/ATTAleckSans-Regular.woff2" />
<link rel="preload" as="font" type="font/woff2" crossorigin="anonymous" href="https://cdn-cybersecurity.att.com/fonts/aleck/ATTAleckSans-Light.woff2" />
<link rel="preload" as="font" type="font/woff2" crossorigin="anonymous" href="https://cdn-cybersecurity.att.com/fonts/aleck/ATTAleckSans-Medium.woff2" />


<link rel="preload" as="font" type="font/woff2" crossorigin="anonymous" href="https://cdn-cybersecurity.att.com/fonts/aleck/ATTAleckSans-LightItalic.woff2" />
<link rel="preload" as="font" type="font/woff2" crossorigin="anonymous" href="https://cdn-cybersecurity.att.com/fonts/aleck/ATTAleckSans-BoldItalic.woff2" />
<link rel="preload" as="font" type="font/woff2" crossorigin="anonymous" href="https://cdn-cybersecurity.att.com/fonts/aleck/ATTAleckSans-MediumItalic.woff2" />
<link rel="preload" as="font" type="font/woff2" crossorigin="anonymous" href="https://cdn-cybersecurity.att.com/fonts/aleck/ATTAleckSans-Italic.woff2" />
<link rel="preload" as="font" type="font/woff2" crossorigin="anonymous" href="https://cdn-cybersecurity.att.com/fonts/aleck/ATTAleckSans-Black.woff2" />

<link rel="preload" as="font" type="font/woff2" crossorigin="anonymous" href="https://cdn-cybersecurity.att.com/css/fonts/glyphicons-halflings-regular.woff2" />
<link rel="preload" as="font" type="font/ttf" crossorigin="anonymous" href="https://cdn-cybersecurity.att.com/fonts/av-icons.ttf?e81fxl" />



<link rel="preload" as="style" href="https://cdn-cybersecurity.att.com/css/sass/main.min.css?v=20220927602681" />
<link rel="apple-touch-icon" sizes="144x144" href="https://cdn-cybersecurity.att.com/images/uploads/apple-touch-icon.png"/>
<link rel="icon" type="image/png" sizes="32x32" href="https://cdn-cybersecurity.att.com/images/uploads/favicon.ico"/>
<link rel="shortcut icon" href="https://cdn-cybersecurity.att.com/images/uploads/favicon.ico">
<link rel="manifest" href="https://cdn-cybersecurity.att.com/manifest.json">

<link rel="stylesheet" href="https://cdn-cybersecurity.att.com/css/sass/main.min.css?v=20220927602681" />





<script type="text/javascript">
  	var sc = document.createElement("script");
	sc.setAttribute("src", "https://www.att.com/scripts/adobe/virtual/detm-container-hdr.js");
	sc.setAttribute("type", "text/javascript");
	document.head.appendChild(sc);  
</script>


<script>
	var customAdobeTrackingPageLoadObj = {};
	if (typeof ddo !== "undefined") {initAdobePageTrackingHeader();}
	function adobeVideoCommenceVidyard(player) {
		var commenceEvent = {
			successFlag: 1,
			statusCode: 0,
			errorType: "Success_Admit",
			linkDestinationUrl: window.location.href,
			mediaId: player.uuid,
			mediaFriendlyName: player.metadata.name,
			videoType: "VOD",
			mediaPlayerName: "Vidyard",
			mediaCategory: "Security",
			mediaType: "Video",
			mediaClass: "Video",
			videoLengthTotal: player.metadata.length_in_seconds
		};
		if (typeof ddo !== "undefined") {
			ddo.pushEvent('video', 'Video_Commence', commenceEvent);
		}
	}
	function adobeVideoUpdateVidyard(player) {
		var updateEvent = {
			successFlag: 1,
			statusCode: 0,
			errorType: "Success_Admit",
			linkDestinationUrl: window.location.href,
			mediaId: player.uuid,
			mediaFriendlyName: player.metadata.name,
			videoType: "VOD",
			mediaPlayerName: "Vidyard",
			mediaCategory: "Security",
			mediaType: "Video",
			mediaClass: "Video",
			videoLengthTotal: player.metadata.length_in_seconds,
			videoLengthViewed: Math.floor(player.status.currentTime),
			videoProgressPercent: Math.ceil((player.status.currentTime / player.metadata.length_in_seconds) * 100)
		};
		if (typeof ddo !== "undefined") {
			ddo.pushEvent('video', 'Video_Update', updateEvent);
		}
	}

	function initAdobePageTrackingHeader() {
		ddo.disableAutoPageLoad();
		document.addEventListener('click', function (event) {
			var target = event.target;
			if (!target.href || !target.text) { return true; }
			var linkEvent = {
				slotFriendlyName: "link-click",
				contentFriendlyName: "Link Click",
				mediaCategory: "Security"
			};
			linkEvent.linkName = target.text;
			linkEvent.linkDestinationUrl = target.href;
			if (target.href.indexOf('#watch-') >= 0) {
				linkEvent.slotFriendlyName = 'watch-video';
				linkEvent.contentFriendlyName = 'Watch Video';
				linkEvent.linkName = 'Watch Video';
			}
			ddo.pushEvent("linkClick", "Link_Click", linkEvent);
		});
		
		customAdobeTrackingPageLoadObj['page.location.url'] = '/blogs/labs-research/internet-of-termites';


		
		
		    customAdobeTrackingPageLoadObj['page.category.siteSubSection1'] = 'blogs';
		


		
		
			customAdobeTrackingPageLoadObj['page.category.siteSubSection2'] = 'labs-research';
		



		
		
			customAdobeTrackingPageLoadObj['page.category.siteSubSection3'] = 'internet-of-termites';
		


		
		

		
		


		
			customAdobeTrackingPageLoadObj['page.media.objective'] = 'Awareness';
		

		
	}
</script>


<script type="text/javascript">
    var _elqQ = _elqQ || [];
    _elqQ.push(['elqSetSiteId', '1086385399']);

    _elqQ.push(['elqUseFirstPartyCookie', 'cyber-tracking.att.com']);

    _elqQ.push(['elqTrackPageView', window.location.href]);

    (function () {
        function async_load() {
            var s = document.createElement('script'); s.type = 'text/javascript'; s.async = true;
            s.src = '//img03.en25.com/i/elqCfg.min.js';
            var x = document.getElementsByTagName('script')[0]; x.parentNode.insertBefore(s, x);
        }
        if (window.addEventListener) window.addEventListener('DOMContentLoaded', async_load, false);
        else if (window.attachEvent) window.attachEvent('onload', async_load);
    })();
</script>


	<link rel="alternate" type="application/rss+xml" title="AlienVault Open Threat Exchange Blog" href="/site/blog-all-rss" />

	<style>


	.section-breadcrumb ol {
    margin-top: 0px !important;
    margin-bottom: 10px;
	}

	.flexible-layout .section-breadcrumb ol li a,
	.flexible-layout .section-breadcrumb ol li{
    	color: #000;
    	font-size: 12px;
	}

	.section-breadcrumb .glyphicon {
    font-size: 10px;
    line-height: 10px;
    font-weight: 300;
    color: #000!important;
	}

	.blog-author-info {
		width: 70%;
		float: left;
		color: #191919;
	}

	.blog-subscribe-grid ul {
		margin-left: 0px;
		margin-bottom: 0px;
		padding-left: 0px;
	}

	.blog-subscribe-grid ul li {
		list-style-type: none;
		line-height: 20px;
	}

	.blog-subscribe-grid ul li a {
		color: #c6ced5;
		font-size: 14px;
		text-decoration: none;
	}

	.blog-subscribe-grid ul li a:hover {
		text-decoration: underline;
	}

	.blog-content-area img {
		width: 100%!important;
		height: auto!important;
	}

	.blog-promo-item {
		clear: both;
		overflow: hidden;
		margin-bottom: 30px;
	}
	.promo-block .small {
		text-transform: uppercase;
	}

	.blog-promo-item-text {
		width: 345px;
		float: left;
		max-width:100%;
	}

	.blog-promo-item p {
		margin-bottom: 0px!important;
	}






	#blog-promo-block {
		padding-top: 20px;
	}



	/*promo block and sticky classes*/

	.sticky-sidebar {
		top: 147px;
		position: -webkit-sticky; /* Safari */
		position: sticky;
	}
	     .sidebar-search {
			 margin-bottom: 30px;
		 }

         .sidebar-search .search-button {
                width: 100%;
                position: relative;
            }

            .sidebar-search .search-button input {
                padding: 0px;
                margin: 2px 0px 0px 0px;
                position: absolute;
                background: url(https://cdn-cybersecurity.att.com/images/icn-sidebar-search.png) top left no-repeat;
                background-size: 25px 25px;
                width: 25px;
                height: 25px;
                cursor: pointer;
                text-indent: -9999em;
                border: none;
                left: 10px;
                top: 6px;
             }

			.sidebar-search .search-field input {
                border: 0;
                width: 100%;
                height: 30px;
                padding-left: 50px;
				margin-top: 5px;
            }

            .sidebar-search .search-field {
                border: 1px solid #CCCCCC;
                width: 100%;
                height: 40px;
            }

            #q::placeholder {
          		color: #767676!important;
            }

            #blog-subscribe-box {
			height:auto;
            padding: 32px;
            background-image: url('https://cdn-cybersecurity.att.com/images/uploads/backgrounds/blog-email-subscribe-bkg.jpg');
            background-size: cover;
            }

            #blog-subscribe-box h2 {
            color: #fff;
            font-size:32px;
            }

			#blog-subscribe-box p {
				margin-bottom: 10px;
			}






	@media (max-width: 991px) {
            .sidebar-search .search-button input {
                padding: 0px;
                background: transparent;
                cursor: pointer;
                text-indent: -9999em;
                border: none;
                right: 5px;
                top: 5px;
                padding-left: 0px;
             }

            .sidebar-search .search-field input {
             padding-left: 15px;
             }


            }

            	@media (min-width: 768px) and (max-width: 920px){
	.blog-subscribe-grid .btn {
		border-radius: 24px;
	    font-size: 12px;
	    line-height: 18px;
	    border: none;
	    padding: 6px 36px;
	    height: 30px;
	    font-weight: 500;
	}
}


		.blog-content-area p,
		.blog-content-area ul li,
		.blog-content-area ol li{
			font-size: 16px;
			line-height: 20px;
			font-weight: 400;
		}
		.blog-content-area ul li,
		.blog-content-area ol li {
			margin-bottom: 10px;
		}

		.blog-content-area {
		margin-top: 30px;
		}

		.flexible-layout .section-breadcrumb {
		margin-bottom: 30px;
		}

		.blog-detail h1 {
    		color: #000;
			background: transparent;
    		padding: 0px;
		}

		.blog-title-date-author-area {
			padding-bottom: 20px;
			border-bottom: #959595 1px solid;
		}

		.blog-body {
		padding-top: 20px;
		}


		.blog-detail .blog-categories {
    background-color: transparent;
    border-bottom: 1px solid #959595;
    border-top: 1px solid #959595;
    padding: 20px 0px 20px 0px;
    color: #000;
    margin: 30px 0px;
    font-size: 16px;
    line-height: 24px;
	font-weight: 400;
	}

	.blog-detail .blog-categories a {
	font-weight: 400;
	}

	.blog-share {
	margin-top: 60px;
	text-align: center;
	margin-bottom: 60px;
	}

	.blog-listing-social {
		display: block;
	}

	#st-1 .st-btn {
	  border-radius: 25px!important;
	  border: none;
	  cursor: pointer;
	  display: inline-block;
	  font-size: 12px;
	  height: 45px!important;
	  line-height: 40px!important;
	  margin-right: 8px;
	  padding: 0 10px;
	  position: relative;
	  text-align: center;
	  top: 0;
	  vertical-align: top;
	  white-space: nowrap;
	  margin-right: 20px!important;
	}

	#st-1 .st-btn > img {
	  display: inline-block;
	  height: 25px!important;
	  width: 25px!important;
	  position: relative;
	  top: 10px;
	  vertical-align: top;
	  }

	  #st-1 .st-btn[data-network='email'] {
	  	background-color: #e0752d!important;
	  }

	  .st-first {
	  	margin-left: 20px!important;
	  }

	</style>

</head>

	<body class="listing-blog-entry-id-491">
			<!-- Google Tag Manager (noscript) -->
<noscript><iframe src='https://www.googletagmanager.com/ns.html?id=GTM-KLJDXJN'
height='0' width='0' style='display:none;visibility:hidden'></iframe></noscript>
<!-- End Google Tag Manager (noscript) -->
<script src='https://www.att.com/scripts/adobe/prod/detm-container-ftr.js' type='text/javascript'></script>


		<header id="header" class="navbar navbar-fixed-top">

	<style>
@media (max-width: 543px) {
	.hide-on-mobile {
		display: none;
	}
}
</style>

<div id="news-banner">
    <div class="container-fluid">
        <div class="row vcenter">
            <div class="col-sm-12">

                <div id="news-headline-link">
					<a href="/products/strategy-and-roadmap/sase-readiness" class="text-white">
						Start your SASE readiness consultation today.
						<span class="hide-on-mobile">Learn more</span> &LongRightArrow;
					</a>
                </div>
				<div id="search-contact">
					<ul class="list-unstyled header_nav_top_list">
						<li class="header_nav_top_list_item"><a id="top-nav-support" href="/support">Support</a></li>
						<li class="header_nav_top_list_item"><a id="top-nav-contact" href="/contact">Contact</a></li>
						<li class="header_nav_top_list_item search">
							<form action="/search-results" method="get" id="top-search-form" __bizdiag="113" __biza="WJ__"><input name="q" id="top-search-form-text" type="text" placeholder="Search" aria-label="Search"><button type="submit"><span class="glyphicon glyphicon-search"></span></button></form>

						</li>
					</ul>
				</div>
            </div>
        </div>
    </div>
</div>






	<div id="header-container" class="container-fluid">
		<div id="header-logo">
			<div class="logo-globe"><a href="https://business.att.com" target="_blank"><img src="https://cdn-cybersecurity.att.com/images/uploads/logos/att-globe.svg" alt="AT&amp;T Business" /></a></div>
			<div class="att-business"><a href="https://business.att.com" target="_blank"><img src="https://cdn-cybersecurity.att.com/images/uploads/logos/att-business-web.svg" alt="AT&amp;T Business" /></a></div>
			<div class="att-cybersecurity"><a href="/"><img src="https://cdn-cybersecurity.att.com/images/uploads/logos/att-cybersecurity-web.svg" alt="AT&amp;T Cybersecurity" /></a></div>
		</div>

		<button type="button" class="header_toggle_nav navbar-toggle collapsed" data-toggle="collapse" data-target="#header-nav" aria-expanded="false">
			<span class="sr-only">Toggle navigation</span>
			<span class="avicon avicon-bars"></span>
			<span class="avicon avicon-close"></span>
		</button>
		
		
			<a href="/contact" id="header-cta" class="hidden-md hidden-lg btn btn-blue btn-sm">Contact us</a>
		

		<nav class="navbar-collapse collapse" id="header-nav">
			<ul class="nav navbar-nav list-unstyled">
				<li class="nav-item mobile-search visible-sm visible-xs">
					<form action="/search-results" method="get" id="mobile-search-form" __bizdiag="113" __biza="WJ__"><input name="q" id="mobile-search-form-text" type="text" placeholder="Search" aria-label="Search"><button type="submit"><span class="glyphicon glyphicon-search"></span></button></form>
				</li>
				<li class="nav-item has-dd products">
					<a id="main-nav-products" href="/products" class="dropdown-toggle" data-toggle="collapse" role="button" aria-expanded="false" data-target="#products-dd">Products<span class="glyphicon glyphicon-chevron-up"></span><span class="glyphicon glyphicon-chevron-down"></span>
					</a>
					<div class="nav-dropdown collapse" id="products-dd">
						<div class="dd-multi-col container-fluid">
							<ul class="list-unstyled sub-nav">
									<li id="first-sub-cyber-strategy-risk"><a href="/categories/cybersecurity-consulting-services" class="first-level">Cybersecurity Consulting Services</a>
										<div class="desktop-subnav open">
											<ul class="list-unstyled">
												<li class="second-sub-heading">Cyber Strategy</li>
												<li class="second-sub-link"><a href="/products/strategy-and-roadmap">Strategy and Roadmap Planning</a></li>

												<li class="second-sub-link"><a href="/products/security-assessment">Enterprise Security Assessment Services</a></li>
												<li class="second-sub-link"><a href="/products/risk-based-cyber-posture-assessment">Risk-based Cyber Posture Assessment</a></li>
											</ul>
											<ul class="list-unstyled">
												<li class="second-sub-heading">Risk and Compliance</li>
												<li class="second-sub-link"><a href="/products/security-compliance">Security Compliance</a></li>
											</ul>
											<ul class="list-unstyled">
												<li class="second-sub-heading">Vulnerability and Threat Management</li>
												<li class="second-sub-link"><a href="/products/managed-vulnerability-program">Managed Vulnerability Program</a></li>
												<li class="second-sub-link"><a href="/products/penetration-testing-services">Penetration Testing</a></li>
												<li class="second-sub-link"><a href="/products/adversary-simulation-service">Adversary Simulation Services</a></li>
												<li class="second-sub-link"><a href="/products/incident-response">Incident Response Services</a></li>
											</ul>
											<ul class="list-unstyled">
												<li class="second-sub-heading">CSO Advisory Services</li>
												<li class="second-sub-link"><a href="/products/cybersecurity-iq-training">Cybersecurity IQ Training</a></li>
											</ul>
										</div>
										<div class="mobile-subnav">
											<ul class="list-unstyled sub-nav">
												<li class="second-sub-link"><a href="/products/strategy-and-roadmap">Strategy and Roadmap Planning</a></li>
												<li class="second-sub-link"><a href="/products/security-assessment">Enterprise Security Assessment Services</a></li>
												<li class="second-sub-link"><a href="/products/risk-based-cyber-posture-assessment">Risk-based Cyber Posture Assessment</a></li>

												<li class="second-sub-link"><a href="/products/security-compliance">Security Compliance</a></li>

												<li class="second-sub-link"><a href="/products/managed-vulnerability-program">Managed Vulnerability Program</a></li>

												<li class="second-sub-link"><a href="/products/penetration-testing-services">Penetration Testing</a></li>
												<li class="second-sub-link"><a href="/products/adversary-simulation-service">Adversary Simulation Services</a></li>
												<li class="second-sub-link"><a href="/products/incident-response">Incident Response Services</a></li>
												<li class="second-sub-link"><a href="/products/cybersecurity-iq-training">Cybersecurity IQ Training</a></li>
											</ul>
										</div>
									</li>
                                    <li id="first-sub-managed-security-services"><a href="/categories/managed-security-services" class="first-level">Managed Security Services</a>
                                        <div class="desktop-subnav">
                                            <ul class="list-unstyled">
                                                <li class="second-sub-heading">Network Security</li>
												<li class="second-sub-link"><a href="/products/secure-web-gateway">Secure Web Gateway</a></li>
												<li class="second-sub-link"><a href="/products/secure-remote-access">Secure Remote Access</a></li>
                                                <li class="second-sub-link"><a href="/products/sase-branch-with-fortinet">SASE Branch with Fortinet</a></li>
												<li class="second-sub-link"><a href="/products/sase-with-palo-alto-networks">SASE with Palo Alto Networks</a></li>
                                                <li class="second-sub-link"><a href="/products/reactive-ddos-services">Reactive Distributed Denial of Service Defense</a></li>
                                                <li class="second-sub-link"><a href="/categories/network-security">View All</a></li>
                                            </ul>
                                            <ul class="list-unstyled">
                                                <li class="second-sub-heading">Threat Detection</li>
                                                <li class="second-sub-link"><a href="/products/managed-threat-detection-and-response">Managed Threat Detection and Response</a></li>
                                            </ul>
                                            <ul class="list-unstyled">
                                                <li class="second-sub-heading">Endpoint Security</li>
                                                <li class="second-sub-link"><a href="/products/sentinel-one">SentinelOne</a></li>
                                                <li class="second-sub-link"><a href="/products/mobile-iron">MobileIron</a></li>
                                                <li class="second-sub-link"><a href="/products/lookout">Lookout Mobile Endpoint Security</a></li>
                                            </ul>

                                        </div>
                                        <div class="mobile-subnav">
                                            <ul class="list-unstyled sub-nav">
												<li class="second-sub-link"><a href="/products/secure-web-gateway">Secure Web Gateway</a></li>
												<li class="second-sub-link"><a href="/products/secure-remote-access">Secure Remote Access</a></li>
                                                <li class="second-sub-link"><a href="/products/sase-branch-with-fortinet">SASE Branch with Fortinet</a></li>
												<li class="second-sub-link"><a href="/products/sase-with-palo-alto-networks">SASE with Palo Alto Networks</a></li>
                                                <li class="second-sub-link"><a href="/products/reactive-ddos-services">Reactive Distributed Denial of Service Defense</a></li>
                                                <li class="second-sub-link"><a href="/products/managed-threat-detection-and-response">Managed Threat Detection and Response</a></li>
                                                <li class="second-sub-link"><a href="/products/sentinel-one">SentinelOne</a></li>
                                                <li class="second-sub-link"><a href="/products/mobile-iron">MobileIron</a></li>
                                                <li class="second-sub-link"><a href="/products/lookout">Lookout Mobile Endpoint Security</a></li>
                                            </ul>
                                        </div>
                                    </li>
									<li id="first-sub-network-security"><a href="/categories/network-security" class="first-level">Network Security</a>
										<div class="desktop-subnav">
											<ul class="list-unstyled">
												<li class="second-sub-heading">AT&T Trusted Internet Access</li>
												<li class="second-sub-link"><a href="/products/secure-web-gateway">Secure Web Gateway</a></li>
												<li class="second-sub-link"><a href="/products/secure-remote-access">Secure Remote Access</a></li>
												<li class="second-sub-link"><a href="/products/secure-workforce-with-check-point">Secure Workforce with Check Point</a></li>

												<li class="second-sub-link"><a href="/products/network-based-firewall">Network Based Firewalls</a></li>
												<li class="second-sub-link"><a href="/products/premises-based-firewall">Premises Based Firewalls</a></li>
												<li class="second-sub-link"><a href="/products/premises-based-firewall-express-with-check-point">Premises-Based Firewall Express with Check Point</a></li>
												<li class="second-sub-link"><a href="/products/enhanced-access-security">Enhanced Cybersecurity Services</a></li>
											</ul>
											<ul class="list-unstyled">
												<li class="second-sub-heading">AT&T Infrastructure and Application Protection</li>
												<li class="second-sub-link"><a href="/products/reactive-ddos-services">Reactive Distributed Denial of Service Defense</a></li>
												<li class="second-sub-link"><a href="/products/application-layer-security">AT&T Application Layer Security</a></li>
											</ul>
										</div>
										<div class="mobile-subnav">
											<ul class="list-unstyled sub-nav">
												<li class="second-sub-heading">AT&T Trusted Internet Access</li>
												<li class="second-sub-link"><a href="/products/secure-web-gateway">Secure Web Gateway</a></li>
												<li class="second-sub-link"><a href="/products/secure-remote-access">Secure Remote Access</a></li>
												<li class="second-sub-link"><a href="/products/secure-workforce-with-check-point">Secure Workforce with Check Point</a></li>
												<li class="second-sub-link"><a href="/products/network-based-firewall">Network Based Firewalls</a></li>
												<li class="second-sub-link"><a href="/products/premises-based-firewall">Premises Based Firewalls</a></li>
												<li class="second-sub-link"><a href="/products/premises-based-firewall-express-with-check-point">Premises-Based Firewall Express with Check Point</a></li>
												<li class="second-sub-link"><a href="/products/enhanced-access-security">Enhanced Cybersecurity Services</a></li>

												<li class="second-sub-heading">AT&T Infrastructure and Application Protection</li>
												<li class="second-sub-link"><a href="/products/reactive-ddos-services">Reactive Distributed Denial of Service Defense</a></li>
												<li class="second-sub-link"><a href="/products/application-layer-security">AT&T Application Layer Security</a></li>
											</ul>
										</div>
									</li>
									<li id="first-sub-unified-endpoint"><a href="/categories/endpoint-security" class="first-level">Endpoint Security</a>
										<div class="desktop-subnav">
											<ul class="list-unstyled">
												<li class="second-sub-heading">Endpoint Security</li>
												<li class="second-sub-link"><a href="/products/sentinel-one">SentinelOne</a></li>
												<li class="second-sub-link"><a href="/products/mobile-iron">MobileIron</a></li>
												<li class="second-sub-link"><a href="/products/vmware">VMware Workspace ONE®</a></li>
												<li class="second-sub-link"><a href="/products/ibm-maas360">IBM MaaS360</a></li>
												<li class="second-sub-link"><a href="/products/lookout">Lookout Mobile Endpoint Security</a></li>
												<li class="second-sub-link"><a href="/products/mcafee-endpoint-protection">McAfee Endpoint Protection</a></li>
												<li class="second-sub-link"><a href="/products/samsung-knox-manage">Samsung Knox</a></li>

											</ul>
										</div>
										<div class="mobile-subnav">
											<ul class="list-unstyled sub-nav">
													<li class="second-sub-link"><a href="/products/sentinel-one">SentinelOne</a></li>
													<li class="second-sub-link"><a href="/products/mobile-iron">MobileIron</a></li>
													<li class="second-sub-link"><a href="/products/vmware">VMware Workspace ONE®</a></li>
													<li class="second-sub-link"><a href="/products/ibm-maas360">IBM MaaS360</a></li>
													<li class="second-sub-link"><a href="/products/lookout">Lookout Mobile Endpoint Security</a></li>
													<li class="second-sub-link"><a href="/products/mcafee-endpoint-protection">McAfee Endpoint Protection</a></li>
													<li class="second-sub-link"><a href="/products/samsung-knox-manage">Samsung Knox</a></li>

											</ul>
										</div>
									</li>
									<li id="first-sub-threat-detection-response"><a href="/categories/threat-detection-and-response" class="first-level">Threat Detection and Response</a>
										<div class="desktop-subnav">

											<ul class="list-unstyled sub-nav">
												<li class="second-sub-heading">AT&T Threat Solutions</li>
												<li class="second-sub-link"><a href="/products/managed-threat-detection-and-response">Managed Threat Detection and Response</a></li>
												<li class="second-sub-link"><a href="/products/threat-detection-and-responses-for-government">Threat Detection and Response for Government</a></li>
												<li class="second-sub-link"><a href="/products/usm-anywhere">USM Anywhere</a></li>
												<li class="second-sub-link"><a href="/products/usm-anywhere-advisors">USM Anywhere Advisors</a></li>
												<li class="second-sub-link"><a href="/products/usm-for-mssp">XDR for MSSPs</a></li>
											</ul>

											<div id="products-tdr-menu-image">
												<a href="/alien-labs">
													<img src="https://cdn-cybersecurity.att.com/images/uploads/icons/alien-labs.svg" alt="">
													<p >Powered by<br>AT&amp;T Alien Labs</p>
												</a>
											</div>
										</div>
										<div class="mobile-subnav">
											<ul class="list-unstyled sub-nav">

												<li class="second-sub-heading">AT&T Threat Solutions</li>
												<li class="second-sub-link"><a href="/products/managed-threat-detection-and-response">Managed Threat Detection and Response</a></li>
												<li class="second-sub-link"><a href="/products/threat-detection-and-responses-for-government">Threat Detection and Response for Government</a></li>

												<li class="second-sub-link"><a href="/products/usm-anywhere">USM Anywhere</a></li>
												<li class="second-sub-link"><a href="/products/usm-anywhere-advisors">USM Anywhere Advisors</a></li>
												<li class="second-sub-link"><a href="/products/usm-for-mssp">XDR for MSSPs</a></li>

												</ul>
										</div>
									</li>

							</ul>
						</div>
						<!--<div class="dd-bottom visible-lg" id="view-all-products">
							<div class="container-fluid">
								<a href="/products">
									<span class="view-all-text">View All Products &LongRightArrow;</span>
								</a>
							</div>
						</div>-->
					</div>
				</li>
				<li class="nav-item has-dd solutions">
					<a id="main-nav-solutions" href="/solutions" class="dropdown-toggle" data-toggle="collapse" role="button" aria-expanded="false" data-target="#solutions-dd">Solutions<span class="glyphicon glyphicon-chevron-up"></span><span class="glyphicon glyphicon-chevron-down"></span></a>
					<div class="nav-dropdown collapse" id="solutions-dd">
						<div class="dd-multi-col container-fluid">
							<ul class="list-unstyled sub-nav hidden-md hidden-lg">
								<li><a id="main-nav-see-all-solutions-mobile" href="/solutions" class="header_nav_link">See All Solutions</a></li>
							</ul>
							<div id="compliance">
								<div class="menu-header">Compliance</div>
								<ul class="list-unstyled sub-nav">
									<li><a href="/solutions/it-compliance-management">Overview</a></li>
									<li><a href="/solutions/gdpr-compliance">GDPR</a></li>
									<li><a href="/solutions/hipaa-compliance">HIPAA</a></li>
									<li><a href="/solutions/iso-27001-compliance">ISO 27001</a></li>
									<li><a href="/solutions/pci-dss-compliance">PCI DSS</a></li>
									<li><a href="/solutions/soc-2-compliance">SOC 2</a></li>
								</ul>
							</div>
							<div id="industry">
								<div class="menu-header">Industry</div>
								<ul class="list-unstyled sub-nav">
									<li><a href="/solutions/education">Education</a></li>
									<li><a href="/solutions/energy-sector-security">Energy Sector</a></li>
									<li><a href="/solutions/government">Federal</a></li>
									<li><a href="/solutions/financial-services">Financial Services</a></li>
									<li><a href="/solutions/healthcare">Healthcare</a></li>
									<li><a href="/solutions/manufacturing">Manufacturing</a></li>
									<li><a href="/partners/mssp-program">MSSPs</a></li>
									<li><a href="/solutions/retail">Retail</a></li>
								</ul>
							</div>
							<div id="environment">
								<div class="menu-header">Environment</div>
								<ul class="list-unstyled sub-nav">
									<li><a href="/solutions/5g-security-solutions">5G</a></li>
									<li><a href="/solutions/aws-security-and-compliance-management">AWS</a></li>
									<li><a href="/solutions/azure-security-and-compliance-management">Azure</a></li>
									<li><a href="/solutions/cloud-security">Cloud</a></li>
									<li><a href="/solutions/iot-and-mobility-security">IOT/Mobility</a></li>
									<li><a href="/solutions/hybrid-cloud-security">Hybrid</a></li>
									<li><a href="/solutions/network-security">Network</a></li>
									<li><a href="/solutions/remote-workforce-security">Remote Workforce</a></li>

								</ul>
							</div>
							<div id="core-capabilities">
								<div class="menu-header">Security Use Cases</div>
								<ul class="list-unstyled sub-nav">
									<li><a href="/solutions/intrusion-detection-system">Intrusion Detection</a></li>
									<li><a href="/solutions/secure-access-service-edge">Secure Access Service Edge</a></li>
									<li><a href="/solutions/secure-web-gateway">Secure Web Gateway</a></li>
									<li><a href="/solutions/siem-platform-solutions ">SIEM Platform Solutions</a></li>
									<li><a href="/solutions/extended-detection-and-response">XDR</a></li>
									<li><a href="/solutions/zero-trust-architecture">Zero Trust Architecture</a></li>

								</ul>
							</div>
						</div>
						<div class="dd-bottom visible-md visible-lg" id="view-all-solutions">
							<div class="container-fluid">
								<a href="/solutions">
									<span class="view-all-text">View All Solutions &LongRightArrow;</span>
								</a>
							</div>
						</div>
					</div>
				</li>
				<li class="nav-item has-dd partners">
					<a id="main-nav-partners" href="/partners" class="dropdown-toggle" data-toggle="collapse" role="button" aria-expanded="false" data-target="#partners-dd">Partners<span class="glyphicon glyphicon-chevron-up"></span><span class="glyphicon glyphicon-chevron-down"></span></a>
					<div class="nav-dropdown collapse" id="partners-dd">
						<div class="dd-multi-col container-fluid">
							<ul class="list-unstyled sub-nav hidden-md hidden-lg">
								<li><a id="main-nav-partners-mobile" href="/partners/become-a-partner">Become a Partner</a></li>
							</ul>
							<div id="become-a-partner">
								<div class="menu-header">Become a Partner</div>
								<ul class="list-unstyled sub-nav">
									<li><a href="/partners">All Partner Programs</a></li>
									<li><a href="/partners/mssp-program">MSSP Program</a></li>
									<li><a href="/partners/resellers">Reseller Program</a></li>
									<li><a href="/partners/partner-portal/">Partner Portal Login</a></li>
								</ul>
							</div>

							<div id="find-a-partner">
								<div class="menu-header">Find a Partner</div>
								<ul class="list-unstyled sub-nav">
									<li><a href="/partners/find-partner">Find an MSSP</a></li>
									<li><a href="/partners/locator">Find a Reseller</a></li>
									<li><a href="/partners/certified-implementation-partners">Professional Services</a></li>
								</ul>
							</div>
							<div id="technology-partners">
								<div class="menu-header">Technology Partners</div>
								<ul class="list-unstyled sub-nav">
									<li><a href="/app">USM Anywhere Integrations</a></li>
									<li><a href="/partners/technology-partners">OTX Partners</a></li>
								</ul>
							</div>
						</div>
						<div class="dd-bottom visible-md visible-lg" id="view-all-partners">
							<div class="container-fluid">
								<a href="/partners/become-a-partner">
									<span class="view-all-text">Become a Partner &LongRightArrow;</span>
								</a>
							</div>
						</div>
					</div>
				</li>
				<li class="nav-item has-dd resources">
					<a id="main-nav-resources" href="/resource-center#language_en" class="dropdown-toggle" data-toggle="collapse" role="button" aria-expanded="false" data-target="#resources-dd">Resources<span class="glyphicon glyphicon-chevron-up"></span><span class="glyphicon glyphicon-chevron-down"></span></a>
					<div class="nav-dropdown collapse" id="resources-dd">
						<div class="dd-multi-col container-fluid">

							<div id="resources-menu-image" class="visible-lg">
								<img src="https://cdn-cybersecurity.att.com/images/uploads/thehub-thumbnail.jpg">
								<p>Explore The Hub, our home for all virtual experiences</p>
								<a href="https://hub.att.com/expo-hall/cybersecurity/">Explore now ⟶</a>
							</div>

							<ul class="list-unstyled sub-nav hidden-md hidden-lg">
								<li><a id="main-nav-resources-mobile" href="/resource-center#language_en">View All Resources</a></li>

							</ul>

							<div id="product-resources">
								<div class="menu-header">Product Resources</div>
								<ul class="list-unstyled sub-nav">
									<li><a href="/resource-center#content_customer-stories">Customer Stories</a></li>
									<li><a href="/resource-center#content_product-brief">Product Briefs</a></li>
									<li><a href="/resource-center#content_product-demo">Product Demos</a></li>
									<li><a href="/resource-center#content_product-review">Product Reviews</a></li>
									<li><a href="/resource-center#content_solution-brief">Solution Briefs</a></li>
									<li><a href="/resource-center#content_use-cases">Use Cases</a></li>

									<li><a id="free-trial" href="/products/usm-anywhere/free-trial">Free Trial</a></li>
								</ul>
							</div>
							<div id="security-resources">
								<div class="menu-header">Security Resources</div>
								<ul class="list-unstyled sub-nav">
									<li><a href="/resource-center#content_analyst-reports">Analyst Reports</a></li>
									<li><a href="/blogs">Blogs</a></li>
									<li><a href="/resource-center#content_ebook">eBooks</a></li>
									<li><a href="/resource-center#content_video">Videos</a></li>
									<li><a href="/resource-center#content_webcast">Webcasts</a></li>
									<li><a href="/resource-center#content_white-paper">White Papers</a></li>
									<li><a href="/resource-center#content_industry-reports">Industry Reports</a></li>
								</ul>
							</div>
							<div id="customer-resources">
								<div class="menu-header">Customer Resources</div>
								<ul class="list-unstyled sub-nav">
									<li><a href="https://success.alienvault.com/">Success Center</a></li>
									<li><a href="/certification">Certification</a></li>
									<li><a href="/customer-success">Customer Success</a></li>
									<li><a href="/documentation">Documentation</a></li>
									<li><a href="/partners/certified-implementation-partners">Professional Services</a></li>
									<li><a href="/support">Support Overview</a></li>
									<li><a href="/training">Training</a></li>
								</ul>
							</div>
							<div id="browse-by-topic">
								<div class="menu-header">Browse by Topic</div>
								<ul class="list-unstyled sub-nav">
									<li><a href="/resource-center#category_incident-response">Incident Response</a></li>
									<li><a href="/resource-center#category_intrusion-detection">Intrusion Detection</a></li>
									<li><a href="/resource-center#category_partner-mssp-reseller">Partner: MSSP &amp; Reseller</a></li>
									<li><a href="/resource-center#category_regulatory-compliance">Regulatory Compliance</a></li>
									<li><a href="/resource-center#category_soc">Security Operations Center</a></li>
									<li><a href="/resource-center#category_siem-log-management">SIEM &amp; Log Management </a></li>
									<li><a href="/resource-center#category_threat-detection">Threat Detection</a></li>
									<li><a href="/resource-center#category_threat-intelligence">Threat Intelligence</a></li>
								</ul>
							</div>
						</div>

						<div class="dd-bottom visible-md visible-lg" id="view-all-resources">
							<div class="container-fluid">
								<a href="/resource-center#language_en">
									<span class="view-all-text">View All Resources &LongRightArrow;</span>
								</a>
							</div>
						</div>

					</div>
				</li>
				<li class="nav-item alien-labs">
					<a id="main-nav-alien-labs" href="/alien-labs" class="">AT&T Alien Labs</a>
				</li>
				<li class="nav-item visible-sm visible-xs">
					<a id="main-nav-contact" href="/contact">Contact</a>
				</li>
				<li class="nav-item support visible-sm visible-xs">
					<a id="main-nav-support" href="/support">Support</a>
				</li>

			</ul>
		</nav>

	</div>

	<div class="container-fluid visible-md visible-lg">
		
		
			<a id="main-nav-free-tools" class="header-nav-btn btn margin-bottom10" href="/pricing/request-quote">Get price</a>
		


	</div>
</header>

						




			<main class="blog-detail flexible-layout">
		<section id="blog-top-subnav" class="blog-subnav">
	<div class="blog-top-subnav-wrap">
		<div class="container-fluid">
			<div class="row">
				<ul id="blog-top-subnav-list">
					<li>Categories:</li>
					<li class=""><a href="/blogs">All
							blogs</a></li>
					<li class=""><a
							href="/blogs/security-essentials">Security essentials</a></li>
					<li class="active"><a href="/blogs/labs-research">AT&T Alien
							Labs research</a></li>
				</ul>
				<div class="blog-search search hidden visible-lg visible-md">
					<form action="/search-results" method="get" id="blog-search-form" __bizdiag="113" __biza="WJ__">
						<input name="q" id="blog-search-form-text" type="text" placeholder="Search"
							aria-label="Search"><button type="submit"><span
								class="glyphicon glyphicon-search"></span></button></form>
				</div>
				<div class="blog-top-subnav-mobile-wrap clearfix">
					<a href="#" class="ddm-toggle collapsed" data-toggle="collapse"
						data-target="#blog-top-subnav-mobile">Categories <i class="down"></i></a>
					<ul id="blog-top-subnav-mobile" class="collapse">
						<li class=""><a href="/blogs">All
								blogs</a></li>
						<li class=""><a
								href="/blogs/security-essentials">Security essentials</a></li>
						<li class="active"><a href="/blogs/labs-research">AT&T
								Alien Labs research</a></li>
						<li>
							<div class="blog-search search margin-bottom20">
								<form action="/search-results" method="get" id="blog-search-form" __bizdiag="113"
									__biza="WJ__"><input name="q" id="blog-search-form-text" type="text"
										placeholder="Search" aria-label="Search"><button type="submit"><span
											class="glyphicon glyphicon-search"></span></button></form>
							</div>
						</li>
					</ul>
				</div>
			</div>
		</div>
	</div>
</section>

<style>
	

	/* for snap scrolling */
	.blog-subnav {
		position: relative;
		min-height: 0 !important;
    	height: 40px;
	}
	@media (max-width:991px) {
		.blog-subnav {
			height: 60px;
			line-height:60px;
		}

	}

	.blog-top-subnav-wrap {
		position: relative;
		margin-right: 0px;
		background: #f2f2f2;
	}

	.blog-top-subnav-wrap.affix {
		position: fixed;
		width: 100%;
		top: 0;
		left: 0;
	}

	.blog-top-subnav-wrap.transition-primary {
		overflow: hidden;
		-webkit-transition: transform .3s ease;
		transition: transform .3s ease;
	}

	.blog-top-subnav-wrap.transition-primary.scroll-affix {
		transform: translateY(0) !important;
	}


	.hh .blog-top-subnav-wrap.affix.transition-primary {
		height: auto;
	}

	.hh .blog-top-subnav-wrap {
		min-height: auto;
	}

	.hh .blog-top-subnav-wrap {
		position: relative;
		transform: translateY(0);
	}

	.hh .blog-top-subnav-wrap.affix {
		position: fixed;
		width: 100%;
		top: 0;
		left: 0;
	}

	.hh .blog-top-subnav-wrap.transition-primary {
		transform: translateY(-110px);
		-webkit-transform: translateY(-110px);
	}

	.hh .blog-top-subnav-wrap.scroll-affix {
		transform: translateY(0);
		-webkit-transform: translateY(0);
		z-index: 998;
	}
</style>

				<section class="full-width-block">

					<div class="container-fluid">

						<div class="row flx-container">
							<div class="col-sm-7">
								<div class="blog-content-area">
									<div class="section-breadcrumb">
										  <ol class="m-bread-crumb-list l-bread-crumb-list" itemscope="" itemtype="http://schema.org/BreadcrumbList">

											  <li itemprop="itemListElement" itemscope="" itemtype="http://schema.org/ListItem">
												  <a itemprop="item" href="https://cybersecurity.att.com">
													  <span itemprop="name" style="padding-right: 10px;">AT&T Cybersecurity</span> <span class="glyphicon glyphicon-chevron-right"></span></a>
												  <meta itemprop="position" content="1">
											  </li>
											  <li itemprop="itemListElement" itemscope="" itemtype="http://schema.org/ListItem">
												  <a itemprop="item" href="https://cybersecurity.att.com/blogs">
													  <span itemprop="name" style="padding-left: 10px;">Blog</span></a>
												  <meta itemprop="position" content="2">
											  </li>
										  </ol>
									  </div>
									<div class="blog-title-date-author-area">
										<h1>Internet of Termites</h1>
										<div class="date">March 6, 2019 &nbsp;|&nbsp; <a href="/blogs/author/chris-doman">Chris Doman</a></div>
									</div>
									<div class="blog-body">
										<p><u><a href="http://rootkiter.com/Termite/" target="_blank">Termite</a></u> is a tool used to connect together chains of machines on a network. You can run Termite on a surprising number of platforms including mobile devices, routers, servers and desktops.</p>

<p>That means it can be used used to bounce a connection between multiple machines, to maintain a connection that otherwise wouldn&rsquo;t be possible:</p>

<p><img alt="" data-original="https://cdn-cybersecurity.att.com/blog-content/Internet_of_Termites_That_Means.jpg" style="width: 620px; height: 127px;" /></p>

<p>Termite is a useful networking and penetration testing tool, but we&rsquo;re seeing it used in attacks to enable access to machines too. There has been little reporting on Termite, beyond a brief mention in a <u><a href="https://securelist.com/luckymouse-ndisproxy-driver/87914/" target="_blank">report</a></u> by Kaspersky of an earlier version of Termite called &ldquo;<u><a href="http://rootkiter.com/EarthWorm/" target="_blank">EarthWorm</a></u>&rdquo;. Below, we&rsquo;ve provided an outline on some of the attackers we&rsquo;re seeing deploying Termite.</p>

<p><strong>Note:</strong> As we were publishing this, Symantec <u><a href="https://www.symantec.com/blogs/threat-intelligence/whitefly-espionage-singapore" target="_blank">released a report</a></u> on attackers using Termite in the 2018 attack <u><a href="https://www.bbc.co.uk/news/world-asia-44900507" target="_blank">stealing the health data</a></u> of a quarter of the Singapore population.</p>

<h2>How Termite and EarthWorm Work</h2>

<p>Termite and EarthWorm are <u><a href="http://rootkiter.com/Termite/" target="_blank">publicly available</a></u> tools written by <u><a href="https://twitter.com/rookiter" target="_blank">an employee</a></u> of 360NetLab. They can be considered an updated version of the well known packet relay tool <u><a href="https://www.secureworks.com/research/htran" target="_blank">HTRAN</a></u>.</p>

<p>Termite popped up on our radar when we were reviewing malicious binaries compiled to run on IoT architectures. Termite is available for <u>a range</u> <strike>https://github.com/rootkiter/Binary-files/tree/master/Termite/release/agent</strike> of different operating systems and architectures including x86 ARM, PowerPC, Motorola, SPARC and Renesas.</p>

<p>This means an attacker can use a long chain of desktop, mobile and IoT devices to be able to connect through networks and DMZs.</p>

<p>Termite can act as a SOCKS proxy to bounce traffic, as well as a lightweight backdoor that can upload and download files, and execute shell commands:</p>

<p><img alt="" data-original="https://cdn-cybersecurity.att.com/blog-content/Internet_of_termies_termites_can.jpg" style="width: 620px; height: 346px;" /></p>

<p>The Termite help function</p>

<p>For example, this is a typical sequence of commands you may see when investigating a compromised machine:</p>

<table border="0" cellpadding="0" cellspacing="0" width="624">
	<tbody>
		<tr>
			<td style="width:312px;">
			<p><strong>Victim Host</strong></p>

			<p>&nbsp;</p>

			<p>On a victim host, the attacker listens for incoming connections:</p>

			<p>agent.exe -l 8888</p>
			</td>
			<td style="width:312px;">
			<p><strong>Attacker Host</strong></p>

			<p>Then&nbsp; the attacker connects to the compromised machine:</p>

			<p>admin.exe -c [target_ip] -p 8888</p>

			<p>&nbsp;</p>

			<p>And selects which compromised system to interact with:</p>

			<p>goto 1</p>

			<p>&nbsp;</p>

			<p>Then they start a SOCKS proxy on the system to route traffic through it:</p>

			<p>socks 1080</p>

			<p>&nbsp;</p>

			<p>And a shell on the compromised system that they can connect to with netcat:</p>

			<p>shell 6666</p>
			</td>
		</tr>
	</tbody>
</table>

<p>Termite uses a distinctive binary protocol to initiate connections, as can be seen in this network traffic stream:</p>

<p><img alt="" data-original="https://cdn-cybersecurity.att.com/blog-content/Internet_of_termites_termite_uses_(1).jpg" style="width: 620px; height: 151px;" /></p>

<p>Network traffic generated by Termite</p>

<p>There is a good description of the command line arguments of EarthWorm <u><a href="https://seiscode.iris.washington.edu/projects/ew2ringserver/wiki/A_SeedLink_server_for_Earthworm" target="_blank">here</a></u>, and the source code of the agent is on <u><a href="https://github.com/anhilo/xiaogongju/tree/422136c014ba6b95ad3a746662be88372eb11b09" target="_blank">GitHub</a></u>.</p>

<h2>Malware</h2>

<p><strong>Mobile EarthWorm used to Spy on Targets in Taiwan</strong></p>

<p>We were surprised to find EarthWorm also packed into malware - presumably to provide packet relay functionality.</p>

<p>In one <u><a href="https://www.virustotal.com/gui/file/f8478ce363f824fc8dc14cebe84c29a4d12e66536c0250b9f12540e3a511935b/detection" target="_blank">Android application</a></u>, EarthWorm is hidden inside an image file called <u><a href="https://www.virustotal.com/#/file/ad560a69ad6aa327b59c123683189dec416889616b652beaa666a5919fe13935/relations" target="_blank">box_07.png</a></u>. The Application communicates with the hostname <u><a href="https://otx.alienvault.com/indicator/hostname/apache2013.qpoe.com" target="_blank">apache2013.qpoe[.]com</a></u> - which resolves to a <u><a href="https://community.riskiq.com/search/211.23.191.4" target="_blank">server in Taiwan</a></u>.</p>

<p>We&rsquo;ve previously investigated this server when it was <u><a href="https://www.virustotal.com/#/file/8774f27021146a863accbf34199a378a28ed28a1c616b8741a1dc8021783a4ec/behavior" target="_blank">hosting</a></u> Android malware known as <u><a href="https://blog.lookout.com/xrat-mobile-threat" target="_blank">Xsser</a></u>. The Xsser malware communicates with a familiar hostname <u><a href="https://www.virustotal.com/#/file/8774f27021146a863accbf34199a378a28ed28a1c616b8741a1dc8021783a4ec/behavior" target="_blank">apache2012.epac[.]to</a></u> and impersonates an application from a <u><a href="http://en.liontravel.com/" target="_blank">Taiwanese travel service</a></u>:</p>

<p><img alt="" data-original="https://cdn-cybersecurity.att.com/blog-content/Internet_of_termites_tiger.jpg" style="width: 620px; height: 687px;" /></p>

<p>The same server has also previously been associated <u><a href="https://otx.alienvault.com/indicator/hostname/zany.strangled.net" target="_blank">associated</a></u> with a group known as &ldquo;<u><a href="https://blog.trendmicro.com/trendlabs-security-intelligence/following-trail-blacktech-cyber-espionage-campaigns/" target="_blank">BlackTech</a></u>&rdquo; that primarily targets Taiwan.</p>

<p><strong>Windows EarthWorm</strong></p>

<p>We&rsquo;ve also seen EarthWorm packed in with <u><a href="https://www.virustotal.com/#/file/b1988efb8f1debd239e0c563f94d22362e43af77284796899f9987622ffb1463/detection" target="_blank">malware</a></u> from crypto-mining campaigns.</p>

<p>This malware is linked to a campaign previously <u><a href="https://s.tencent.com/research/report/503.html" target="_blank">reported on</a></u> by TenCent. Machines at a University Hospital in Guangzhou China, and a children&#39;s hospital in Chongqing China, were infected with crypto-mining malware.</p>

<p><strong>Will Cross-Platform Malware Become a Thing? </strong></p>

<p>Network operators <u><a href="https://www.infosecurity-magazine.com/news/iot-botnets-78-of-malware-on/" target="_blank">report</a></u> that a significant amount of malicious traffic on their networks are now driven by IoT malware. So far this has been driven by IoT and Linux specific malware such as Mirai and Xor DDoS.</p>

<h2>Detection</h2>

<p>We detect network traffic across the various Windows, Linux, OSX, mobile and IoT platforms with:</p>

<ul>
	<li>AV TROJAN EarthWorm/Termite IoT Agent Reporting Infection</li>
</ul>

<p>Additionally our host agent detects EarthWorm/Termite activity on hosts, and generically detects shell connections.</p>

<h3>OTX Pulse</h3>

<p>You can view indicators in <a href="https://otx.alienvault.com/pulse/5c6d2c0cd70d64283c424e7a" target="_blank">OTX</a>.</p>

<h3>Yara Rules</h3>

<p>rule EarthWorm : LinuxMalware</p>

<p>{</p>

<p>&nbsp;&nbsp;&nbsp; meta:</p>

<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; author = "AlienVault Labs"</p>

<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; copyright = "Alienvault Inc. 2019"</p>

<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; license = "Apache License, Version 2.0"</p>

<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; sha256 = "f4dd44bc19c19056794d29151a5b1bb76afd502388622e24c863a8494af147dd"</p>

<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; description = "EarthWorm Packet Relay Tool"</p>

<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; strings:</p>

<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $elf = {7f 45 4c 46}</p>

<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $string_1 = "I_AM_NEW_RC_CMD_SOCK_CLIENT"</p>

<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $string_2 = "CONFIRM_YOU_ARE_SOCK_CLIENT"</p>

<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $string_3 = "SOCKSv4 Not Support now!"</p>

<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $string_4 = "rssocks cmd_socket OK!"</p>

<p>&nbsp;&nbsp;&nbsp; condition:</p>

<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $elf at 0 and 2 of them</p>

<p>}</p>

<p>&nbsp;</p>

<p>rule Termite : LinuxMalware</p>

<p>{</p>

<p>&nbsp;meta:</p>

<p>&nbsp;&nbsp;&nbsp; author = "AlienVault Labs"</p>

<p>&nbsp;&nbsp;&nbsp; copyright = "Alienvault Inc. 2019"</p>

<p>&nbsp;&nbsp;&nbsp; license = "Apache License, Version 2.0"</p>

<p>&nbsp;&nbsp;&nbsp; sha256 = "6062754dbe5503d375ad0e61f6b4342654624f471203fe50eb892e0029451416"</p>

<p>&nbsp;&nbsp;&nbsp; description = "Termite Packet Relay Tool"</p>

<p>&nbsp;&nbsp;&nbsp; strings:</p>

<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $elf = {7f 45 4c 46}</p>

<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $string_1 = "File data send OK!"</p>

<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $string_2 = "please set the target first"</p>

<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; $string_3 = "It support various OS or CPU.For example"</p>

<p>&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;$string_4 = "xxx -l [lport] -n [name]"</p>

<p>condition:</p>

<p>&nbsp;&nbsp;&nbsp; $elf at 0 and 2 of them</p>

<p>}</p>

<h3>Suricata Rule</h3>

<p>alert tcp $HOME_NET any -&gt; $EXTERNAL_NET any (msg:"AV TROJAN EarthWorm/Termite IoT Agent Reporting Infection"; flow:established,to_server; content:"|00 00 00 01|"; offset:1; depth:4; content:"|00 00 00 01 6b 00 00 00 01|"; distance:7; within:9; content:"agent"; distance:4; within:5; pcre:"/+?[ -&#127;]+?+?$/R"; reference:url,https://github.com/anhilo/xiaogongju/tree/422136c014ba6b95ad3a746662be88372eb11b09; classtype:trojan-activity; sid:xxx; rev:1;)</p>

<h3>EarthWorm and Termite</h3>

<h4>SHA256 Hash</h4>

<p>381774ed8d6d69975694247acc80e42831ee68b43583c8734af52adff8f73373</p>

<p>980fd1e947a8dd578c45bc76254b6aaa95b35e6ec33b8f41da268623500bd0f1</p>

<p>3d9aaac0a8e5c7eadd79d8d5c16119d04f4e9db7107fc44a1e32a8746a1ec375</p>

<p>1ae62dbec330695d2eddc7cb9a65d47bad5f45af95e6c8a803f0780e0749a3ad</p>

<p>27cd70b47588aa0a1c8d737cde89fe8de1351af49aa8f11378a1e26a40f268eb</p>

<p>3537b3eaad16d59c1f0c22d6cbcfe5a1b4542cc4f6a1e3135e26873c0dd4b06f</p>

<p>459333b4765363526b2f76353941a5e1346e9a71433bd16c1e34a03c3c13bf6b</p>

<p>3141ce911e3da8b0bf9744ef0603f7fac55be157eafc54995a752759882da1b2</p>

<p>18c3accc4f65aae7bf7897adef35abdcca3697884860a6b5360e4f2d07bc26ed</p>

<p>46af7c0674c69df2af1905ea58288f24d2d10e644d5446d8d2b71b251e8e70bd</p>

<p>e05ef2747f973d6ae9e4bd5fbeede55b27afd44882b83b4aee79330e856757e8</p>

<p>a585eb434239e5c1714192482f20ec2483bf8eae4654ef77973524b3a151b455</p>

<p>73fc266095e6d582b79db226145d0990129ad72c584863a61f3bd0e8056a0435</p>

<p>58fcbf640b58a45f2fed22fdd70c5d73ae781274927a2def5f71cb3e4ce02a15</p>

<p>d57cbbc5b6f0d223b5a3470a6a444ea4ef49dad718cbe992c92cca935cfdac7d</p>

<p>ef1d610dd78efae3dfa2eebade2ee76882b7e2b5df140aa068e25519d800bc63</p>

<p>825790dbcdf9b7a69b9a566f71bc167a0a8353e735390c5815b247ac58efa817</p>

<p>da584a49609de5985f5ba64cfb215f0c30c93fac11563ea32afa3820b3327139</p>

<p>a487628dc7647507f77cff66269d5d4588c7647e408b07ec0c4b1f16a93eefc4</p>

<p>8b6d83c919ad123d4b27f3404604e99eeba9196cf81f3210a65d8ae1b89465a6</p>

<p>7aa2f4a66d72adefd632e15dee392cbeab0a843a4890598a9610660897b398f1</p>

<p>afb55dc8b4bcff758082efde93e5ca9c2a6a725b16a4c82e7675393bf46fecfd</p>

<p>d21cccc6cb3f8313098da5b7ad6a37b5349835a702b5caf8e794a7c6903f40c5</p>

<p>5bcac0a74645424d26b217b7725be826b7d558ecbce7ec5d3072d802e1834181</p>

<p>44370c394c70f88cd9ecfb23f9d6570e2134761d1a04deea5205cec31469cfb0</p>

<p>3af0857c9fae7e41683d34af7e04c6ed29439466761512ebbf28bad7561d092b</p>

<p>9b3d82bb1aff3a17a490dd4da09cd315d8e94a52b8caa31ef7a7cf2a89c9d87a</p>

<h3>Android Malware</h3>

<h4>SHA256 Hash</h4>

<p>8774f27021146a863accbf34199a378a28ed28a1c616b8741a1dc8021783a4ec</p>

<p>ad560a69ad6aa327b59c123683189dec416889616b652beaa666a5919fe13935</p>

<p>f8478ce363f824fc8dc14cebe84c29a4d12e66536c0250b9f12540e3a511935b</p>

<h4>Hostnames</h4>

<p>zany.strangled[.]net</p>

<p>apache2012.epac[.]to</p>

<p>apache2013.qpoe[.]com</p>

<h3>Cryptomining Malware</h3>

<h4>SHA256 Hash</h4>

<p>b1988efb8f1debd239e0c563f94d22362e43af77284796899f9987622ffb1463</p>

<h4>Hostnames</h4>

<p>logv586[.]cc</p>

<p>sock5[.]co</p>
									</div>
									<div class="blog-related">
									<div class="be-ix-link-block"></div>
									</div>
								</div>
								<div class="blog-share">
									<h3>Share this with others</h3>
									<div class="blog-share-social-icons">

										<div class="sharethis-inline-share-buttons"></div>
									</div>
								</div>



								<div class="blog-categories">
								<p style="margin-bottom: 0px;">Tags: <a href="/blogs/tag/malware" title="malware" rel="nofollow">malware</a>, <a href="/blogs/tag/otx" title="otx" rel="nofollow">otx</a>, <a href="/blogs/tag/penetration+testing" title="penetration testing" rel="nofollow">penetration testing</a>, <a href="/blogs/tag/attacks" title="attacks" rel="nofollow">attacks</a></p>
								</div>

							</div>
							
							<div class="col-sm-4 col-md-offset-1">
								<div>
									<div class="blog-sidebar-block">
    <form id="searchbox_002748587151982842036:gharkgtx6cu" action="/search-results/blog" class="sidebar-search">
        <input value="002748587151982842036:gharkgtx6cu" name="cx" type="hidden" />
        <input value="FORID:11" name="cof" type="hidden" />
        <div class="search-button">
            <input value="Search" name="sa" type="submit" />
        </div>
        <div class="search-field">
            <input id="q" name="q" type="text" aria-label="Search our blogs" placeholder="Search our blogs" />
        </div>
    </form>
</div>

									<div class="promo-block">
										
													
			<style type="text/css">#blog-promo-block-v2 .blog-promo-item-v2 {
    box-shadow: 1px 1px 5px #D2D2D229;
    border: 1px solid #D2D2D2;
    margin-bottom: 30px;
}
#blog-promo-block-v2 .blog-promo-item-v2 .blog-promo-resource-type-v2 {
    font-size: 14px;
    color: #0568AE;
    font-weight: 500;
    padding: 15px;
    margin: 0;
}
#blog-promo-block-v2 .blog-promo-item-v2 .blog-promo-item-text-v2 {
    margin-bottom:15px;
}
#blog-promo-block-v2 .blog-promo-item-v2 .blog-promo-item-text-v2 a {
    color: black;
    text-decoration: none;
    font-weight: 500;
}
#blog-promo-block-v2 .blog-promo-item-v2 .blog-promo-item-text-v2 p {
   margin: 0 15px;
}

#blog-promo-block-v2 .blog-promo-item-icon-v2 {
   margin: 15px;
   font-size: 16px;
}
#blog-promo-block-v2 .blog-promo-item-icon-v2 .icon-right {
    width: 20px;
    height: 20px;
    border: 1px solid #0568ae;
    border-radius: 20px;
    font-size: 9.5px;
    line-height: 18px;
    font-weight: 400;
    margin-right: 10px;
    padding-left: 4px;
    top: -1px;
}
@media (max-width: 1024px) {
 .blog-promo-item-v2 img {
    display: none;
  }
}
</style>
<div id="blog-promo-block-v2">
<h3>Featured resources</h3>

<div class="blog-promo-item-v2"><img alt="" src="https://cdn-cybersecurity.att.com/images/uploads/resource-images/5g-and-the-journey.jpg" />
<p class="blog-promo-resource-type-v2">INDUSTRY REPORT</p>

<div class="blog-promo-item-text-v2">
<p><a href="/resource-center/industry-reports/cybersecurity-insights-report-tenth-edition">AT&amp;T Cybersecurity Insights&trade; Report:<br />
5G and the Journey to the Edge</a></p>
</div>

<div class="blog-promo-item-icon-v2"><span aria-hidden="true" class="icon-right glyphicon glyphicon-chevron-right">&nbsp;</span> <a href="/resource-center/industry-reports/cybersecurity-insights-report-tenth-edition">Learn more</a></div>
</div>

<div class="blog-promo-item-v2"><img alt="" src="https://cdn-cybersecurity.att.com/images/uploads/resource-images/security-maturity-assessment.jpg" />
<p class="blog-promo-resource-type-v2">SELF ASSESSMENT</p>

<div class="blog-promo-item-text-v2">
<p><a href="/resource-center/security-maturity-assessment?utm_internal=blog-rail-assess">Benchmark your cybersecurity maturity</a></p>
</div>

<div class="blog-promo-item-icon-v2"><span aria-hidden="true" class="icon-right glyphicon glyphicon-chevron-right">&nbsp;</span> <a href="/resource-center/security-maturity-assessment?utm_internal=blog-rail-assess">Explore</a></div>
</div>
</div>
		
										

									</div>
								</div>
							</div>
						</div>
					</div>
				</section>


			</main>


			
			<style>

    /* Sticky button */
    .desktop .sticky_bottom_keeper {
        height: 80px;
    }
    .sticky_bottom_desktop.fixed {
        height: 80px;
    }
    .sticky_bottom_keeper .btn {
        color: #fff;
    }
    .sticky_bottom_keeper .btn-white {
        border: 2px solid #fff;
    }
    .sticky_bottom_keeper .btn-white.btn-border {
        background: transparent;
    }




    .line.line-8 {
        height: 8px;
    }

    .hh .sticky_bottom_keeper {
        display: none;
    }


</style>
<div class="sticky_bottom_keeper">

    <div class="sticky_bottom sticky_bottom_desktop ibp">
        <a href="/pricing/request-quote?utm_internal=sb_quote" class="btn btn-border btn-white btn-rounded btn-with-arrow">Get price</a>
        <a href="/products/usm-anywhere/free-trial?utm_internal=sb_freetrial_modal" class="btn btn-border btn-white btn-rounded btn-with-arrow">Free trial</a>

    </div>

</div>

			
		


		<footer id="footer" class="hidden-print">
  <div class="container-fluid">
    <div class="row">
      <div class="col-sm-6 col-md-3">
        
        <div class="footer_logo"><a href="https://business.att.com" target="_blank" rel="noopener"><img src="data:image/svg+xml;utf8,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20width%3D%22263px%22%20height%3D%2256px%22%3E%3Crect%20fill%3D%22none%22%20width%3D%22263%22%20height%3D%2257%22%2F%3E%3C%2Fsvg%3E" data-original="https://cdn-cybersecurity.att.com/images/uploads/logos/att_biz_hz_pref_rgb_white.png" alt="AT&T Business"></a></div>
        <div class="footer_featured">

          <div class="footer_featured_title">From the Blog</div>
          <article class="footer_featured_article">
            <div class="footer_featured_article_author clearfix">
	            
										<img src="data:image/svg+xml;utf8,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20width%3D%22150px%22%20height%3D%22150px%22%3E%3Crect%20fill%3D%22none%22%20width%3D%22150%22%20height%3D%22150%22%2F%3E%3C%2Fsvg%3E" data-original="/avatars/uploads/avatar_451.jpg" width="150" height="150" alt="Aaron Trofman" />
									
              <div class="footer_featured_article_author_data">
                <h4>Aaron Trofman</h4>
                <time datetime="2022-05-28">Sep 28, 2022</time>
              </div>
            </div>
            <h3><a href="https://cybersecurity.att.com/blogs/security-essentials/stories-from-the-soc-c2-over-port-22" id="footer-link-blog-post">Stories from the SOC - C2 over port 22</a></h3>
          </article>
          <a id="footer-link-blog-all" href="/blogs" class="footer_featured_more">Explore All Blog Posts
            &#8250;</a>
        </div>
        

        <div class="social-style">
          <a href="https://www.twitter.com/attcyber/" class="social-link-twitter" target="_blank">Twitter</a>
          <a href="https://www.linkedin.com/company/attcybersecurity/" class="social-link-linkedin" target="_blank">LinkedIn</a>
          <a href="https://www.facebook.com/ATTCyber/" class="social-link-facebook" target="_blank">Facebook</a>
          <a href="https://www.youtube.com/c/attcybersecurity" class="social-link-youtube" target="_blank">Youtube</a>
          <a href="https://www.instagram.com/attbusiness/" class="social-link-instagram" target="_blank">Instagram</a>
        </div>
      </div>

      <div class="col-sm-6 col-md-3">
        <div class="footer_links">
          <div class="heading">Who We Are</div>
          <ul>
            <li><a id="footer-link-labs" href="/alien-labs">Alien Labs</a></li>
            <li><a id="footer-link-customers" href="/who-we-are/customers">Customers</a></li>
            <li><a id="footer-link-careers" href="/who-we-are/careers">Careers</a></li>
            <li><a id="footer-link-contact" href="/contact">Contact Us</a></li>
          </ul>
        </div>

        <div class="footer_links">
          <div class="heading">News</div>
          <ul>
            <li><a id="footer-link-news-room" href="/who-we-are">Newsroom</a></li>
            <li><a id="footer-link-events" href="/who-we-are/events">Events</a></li>
            <li><a id="footer-link-blogs" href="/blogs">Blogs</a></li>
          </ul>
        </div>

        <div class="footer_links">
          <div class="heading">Partners</div>
          <ul>
            <li><a id="footer-link-partners" href="/partners">Partner Programs</a></li>
            <li><a id="footer-link-partner-portal" href="/partners/partner-portal/">Partner Portal</a></li>
          </ul>
        </div>
      </div>

      <div class="col-sm-6 col-md-3">
        <div class="footer_links">
          <div class="heading">Products</div>
          <ul>
		  	<li><a id="footer-link-mtdr" href="/products/managed-threat-detection-and-response">AT&T Managed Threat Detection and Response</a></li>
            <li><a id="footer-link-usm-anywhere" href="/products/usm-anywhere">USM Anywhere</a></li>
            <li><a id="footer-link-usm-mssp" href="/products/usm-for-mssp">XDR for MSSPs</a></li>
            <li><a id="footer-link-otx" href="/open-threat-exchange">Open Threat Exchange (OTX)</a></li>
            <li><a id="footer-link-ossim" href="/products/ossim">OSSIM</a></li>

          </ul>
        </div>



        <div class="footer_links">
          <div class="heading">Solutions</div>
          <ul>
            <li><a id="footer-link-cloud-security" href="/solutions/cloud-security-monitoring">Cloud Security Monitoring</a></li>
            <li><a id="footer-link-threat-detection" href="/solutions/threat-detection">Threat Detection</a></li>
            <li><a id="footer-link-ids" href="/solutions/intrusion-detection-system">Intrusion Detection</a></li>
            <li><a id="footer-link-siem" href="/solutions/siem-platform-solutions">SIEM platform solutions</a></li>
            <li><a id="footer-link-vulnerability" href="/solutions/vulnerability-assessment-remediation">Vulnerability
                Assessment</a></li>
            <li><a id="footer-link-all-solutions" class="btn-with-arrow" href="/solutions">See All Solutions</a></li>
          </ul>
        </div>
      </div>

      <div class="col-sm-6 col-md-3">
        <div class="footer_links">
          <div class="heading">Resources</div>
          <ul>
            <li><a id="footer-link-resources" href="/resource-center">Resources</a></li>
            <li><a id="footer-link-blog" href="/blogs">Blogs</a></li>
            <li><a id="footer-link-reference-guide" href="https://www.business.att.com/content/dam/attbusiness/guides/att-information-and-network-security-customer-reference-guide.pdf" target="_blank">Customer Reference Guide</a></li>

          </ul>
        </div>

        <div class="footer_links">
          <div class="heading">Customer Success</div>
          <ul>
            <li><a id="footer-link-support" href="/support">Support &amp; Services</a></li>
            <li><a id="footer-link-customer-portal" href="https://success.alienvault.com" target="_blank">Success Center</a></li>
            <li><a id="footer-link-documentation" href="/documentation">Documentation Center</a></li>
            <li><a id="footer-link-classroom-training" href="/training">Training</a></li>
            <li><a id="footer-link-certification" href="/certification">Certification</a></li>
          </ul>
        </div>

        <div class="footer_contact">
          <a href="/contact" id="footer-button-contact" class="btn btn-blue margin-bottom20">Contact us</a>
        </div>
      </div>
    </div>
    <div class="footer_legal">
      <p class="footer_legal_copy">&copy; Copyright 2022</p>
      <ul class="footer_legal_links">
        <li><a id="footer-link-privacy" href="/legal/privacy-policy">Privacy Policy</a></li>
        <li><a id="footer-link-terms" href="/terms/website-terms-of-use07may2018">Website Terms of Use</a></li>
        <li><a id="footer-link-gdpr" href="/legal/gdpr">GDPR</a></li>
        <li><a id="footer-link-cookie" href="/legal/cookie-policy">Cookie Policy</a></li>
        <li><a id="footer-link-personal-info" href="https://about.att.com/csr/home/privacy/rights_choices.html" target="_blank">Your Privacy Choices</a></li>

      </ul>
    </div>
  </div>
</footer>

<div id="valid_content"></div>

		
	<script src="https://cdn-cybersecurity.att.com/js/v2/imports/blog-bundle.min.js?v=20220927602681" defer></script>






		



<div class="cookie-notice">
    <p>We use cookies to provide you with a great user experience. By using our website, you agree to our <a href="https://www.att.com/privacy">Privacy Policy</a> and <a href="/terms/website-terms-of-use07may2018">Website Terms of Use</a>.</p>
    <a class="cookie-notice-close" href="#" aria-label="Close Cookie Notice"><span class="glyphicon glyphicon-remove"></span></a>
</div>


<!-- WGT-10310 -->

<!-- END WGT-10310 -->

<script type="text/javascript" async src="https://cdn-cybersecurity.att.com/js/v2/imports/vidyard-av.js" ></script>
<script type="text/javascript" defer src="//play.vidyard.com/embed/v4.js"></script>
<script type="text/javascript" defer src="//play.vidyard.com/v1/progress-events.js"></script>




<script>
if (typeof ddo !== "undefined") {initAdobePageTrackingFooter();}

function initAdobePageTrackingFooter() {
    
    customAdobeTrackingPageLoadObj['page.pageInfo.pageTitle'] = document.title.trim();

    

    customAdobeTrackingPageLoadObj['page.pageInfo.friendlyPageName'] = 'CYB '+ document.title.trim() +' Pg';

    customAdobeTrackingPageLoadObj['page.pageInfo.language'] = 'EN';
    customAdobeTrackingPageLoadObj['page.pageInfo.lineOfBusiness'] = 'Business Solutions';
    customAdobeTrackingPageLoadObj['page.category.pageFunction'] = 'Learn';
    customAdobeTrackingPageLoadObj['page.category.pageOwnership'] = 'Business';
    customAdobeTrackingPageLoadObj['page.attributes.applicationName'] = 'CYB';
    customAdobeTrackingPageLoadObj['page.pageInfo.appCode'] = 'ACS';
    customAdobeTrackingPageLoadObj['page.category.siteSection'] = 'CYB';
    customAdobeTrackingPageLoadObj['page.category.siteSection'] = 'CYB';
    customAdobeTrackingPageLoadObj['page.media.class'] = 'Text';
    customAdobeTrackingPageLoadObj['page.media.category'] = 'Security';
    customAdobeTrackingPageLoadObj['page.location.domain'] = window.location.hostname;
	ddo.pushEvent('pageLoad', 'Page_Load', customAdobeTrackingPageLoadObj);
}
</script>


		<script>
			window.addEventListener('DOMContentLoaded', function() {
				$(window).load(function () {
					var hideSubscribe = AV.Utilities.readCookie('stickyBlogSubscribe');
					// if the cookie hasn't been set...
					if (hideSubscribe == null) {
						setTimeout(function () {
							// make the modal appear
							$('#blog-subscribe-box').fadeIn();
						}, 10000);

						// when the "Close" button is clicked
						$('.blog-subscribe-close-btn').click(function (e) {
							e.preventDefault();
							// set the cookie
							AV.Utilities.setCookie('stickyBlogSubscribe', true, 1);
							$('#blog-subscribe-box').fadeOut();
						});
					}
				});
			});
		</script>

	<script type="text/javascript"  src="/JJXCMsWMNV/kL5kZpfY/-5/LOukpN3L7u/UhAMAQ/bGgs/BG4OXQkB"></script><link rel="stylesheet" type="text/css"  href="/_sec/cp_challenge/sec-3-8.css">
          <script  src="/_sec/cp_challenge/sec-cpt-3-8.js" async defer></script>
          <div id="sec-overlay" style="display:none;">
          <div id="sec-container">
          </div>
        </div></body>
</html>
